Kitetoa, the pizzaiolos of the Web

w00giving 99 -4-

 
w00w00 Security Development (WSD)
http://www.w00w00.org/advisories.html

---------------------------------------------------------------------------
Relocation of w00w00.org:
After being relocated, http://www.w00w00.org is up and running.  Although
we are using an old backup of the site (off the mirror), we have added
a new w00bio and w00giving (advisories) section.  When we receive the
newest backup of the site, we'll finish updating (notice all the new
w00quotes!).  You'll find our bio, articles, code/projects, and advisories
on the site.  Send us your input.

Note on w00w00:
At 30+ active members (in seven countries, three continents, and twelve
US states), w00w00 has grown into the world's largest non-profit security
team.  Of course, we love our nearest competitors, Cult of the Dead Cow
(CDC), at 22-23 members.  [The largest for-profit security team that I am
aware of is ISS's X-Force.]

---------------------------------------------------------------------------
Discovered by: ktwo (ktwo@ktwo.ca)

When patches/fixes are applied to binaries on UnixWare 7, the original,
unpatched binary files (with the suid/sgid bits maintained) are stored
in /var/sadm.  By default, the permissions on this directory are 755.
This allows normal users to execute and exploit old binaries left over
from patching.

---------------------------------------------------------------------------
Patch:

Run 'chmod o-rx /var/sadm' to remove read/execution privileges for normal
users.
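
An audit sketch for the condition described above, added here as an example (it is not part of the w00w00 advisory): it reports a backup directory that is readable or searchable by "other" while still holding setuid/setgid files. The function names are hypothetical; run it as root so that find can descend into the directory after the chmod.

```shell
# Added example, not from the advisory. Function names are hypothetical.

# Succeeds if "other" has read or search (execute) permission on directory $1.
dir_open_to_others() {
    # -prune stops find from descending, so only the directory itself is tested.
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0001 \) -print)" ]
}

# Prints every regular file under $1 that still carries a setuid or setgid bit.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Returns 1 if the directory is exposed, 0 if not, 2 if $1 is not a directory.
audit_backup_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir is not a directory"
        return 2
    fi
    count=$(list_setid_files "$dir" | wc -l | tr -d ' ')
    if dir_open_to_others "$dir" && [ "$count" -gt 0 ]; then
        echo "EXPOSED: $dir is open to other users, $count setuid/setgid file(s):"
        list_setid_files "$dir"
        return 1
    fi
    echo "OK: $dir ($count setuid/setgid file(s), not reachable by other users)"
    return 0
}

# Usage: pass the directory to check, e.g. /var/sadm, as the first argument.
if [ "$#" -gt 0 ]; then
    audit_backup_dir "$1"
fi
```

After 'chmod o-rx /var/sadm' the old binaries are still on disk with their suid/sgid bits, so the second line of the report stays non-zero; only the access path for normal users is closed.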
---------------------------------------------------------------------------

Contributors to w00giving '99: awr, jobe, Sangfroid, rfp, vacuum,
interrupt, dmess0r, marc, kitekoa, and K2

People who deserve hellos: nocarrier, minus, daveg, nny, dark
spyrit (and beavuh), and blakew

w00giving '99 advisories are being archived by
kitekoa at:
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Fest/advisories.htm

 
